Privacy Policy

1. Scope & applicability

This Privacy Policy ("Policy") explains how Buyer.gg LLC, a Delaware limited liability company ("Buyer.gg", "we", "us", or "our"), collects, uses, shares, and protects your personal information when you visit, browse, register for, or otherwise use buyer.gg and the related websites, features, and services we operate (collectively, the "Service" or "Site"). Buyer.gg LLC is the merchant of record for purchases made through the Service.

1.1 What the Service is

buyer.gg is an independent online marketplace for virtual in-game items used in Roblox experiences. Items are delivered manually, in-game, by our staff to a verified in-game account that you provide. As a secondary feature, we offer guaranteed-item bundles: every bundle always delivers an item worth at least the bundle price — there is no empty bundle and no losing outcome, and this guarantee is enforced structurally in our systems. Bundles are not gambling, lootboxes, or games of chance. The Service also includes a prepaid wallet balance, the Star Points loyalty program, account levels and claimable rewards, a referral program, and occasional free-entry raffles and giveaways (which are not gambling).

1.2 Independence & trademarks

We are an independent marketplace and are not affiliated with, endorsed by, or sponsored by Roblox Corporation, Uplift Games LLC, or any game developer. All trademarks, service marks, and trade names referenced on the Service belong to their respective owners and are used only for nominative, descriptive purposes (nominative fair use). Roblox and other platforms may restrict third-party trading and may suspend or ban accounts engaged in real-money trading; those decisions are outside our control.

1.3 Who this Policy applies to

• Visitors who browse the Service without an account;
• Registered users who create an account and make purchases; and
• Anyone who contacts us for support or other inquiries.

This Policy applies regardless of where you access the Service. The Service is intended for users who are at least 13 years old — see Section 4 (Children's privacy).

1.4 Acceptance

By using the Service, you acknowledge that you have read and understood this Policy and our Terms of Service. If you do not agree, please do not use the Service. This Policy is incorporated into the Terms of Service by reference.

2. Information we collect

We collect only what we need to run the marketplace, deliver your items, process payments, operate loyalty and referral features, and keep the Service safe. The table below describes the categories of personal information we collect.

3. How we collect information

3.1 Directly from you

You provide information when you create an account, verify your in-game account, place an order, top up your wallet, redeem an item, use a promo or referral code, or contact our support team.

3.2 Automatically

When you use the Service, we automatically collect technical and usage data (such as your IP address, approximate location derived from your IP, device and browser type, and pages viewed) through cookies, browser local/session storage, and our server logs. See Section 10 (Cookies & local storage).

3.3 From our payment processors

When you pay, our payment processors share limited information with us — such as the payment status, amount, currency, and a transaction reference — so we can fulfill orders and keep accurate records. We do not receive your full card details from them.

3.4 From Google (optional OAuth sign-in)

If you choose to sign in with Google, Google shares your Google account identifier and basic profile information with us, subject to your Google account permissions. We use this only to authenticate you and create or access your account. Your use of Google sign-in is also governed by Google's own privacy policy.

4. Children's privacy (COPPA)

4.1 No knowing collection from children under 13

Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect, use, or disclose personal information from children under the age of 13. We do not operate a verifiable parental consent (VPC) program, and we do not offer the Service to children under 13.

4.2 If we learn we have under-13 data

If we discover that we have collected personal information from a child under 13 without proper authorization, we will delete that information promptly. If you are a parent or legal guardian and believe a child under 13 has provided us with personal information, please contact us at corporate@buyer.gg and we will investigate and delete the information as required.

4.3 Users aged 13 to 17

If you are under 18 (or the age of majority where you live) but at least 13, you may use the Service only with the permission and active involvement of a parent or legal guardian. That adult is responsible for the minor's activity on the Service, including any purchases. Parents and guardians can contact us at corporate@buyer.gg to review, correct, or request deletion of their minor's information.

5. How we use your information

We use the information described above for the following purposes:

• Account management — to create, authenticate, secure, and maintain your account, including login, password reset, and revocable sessions.
• Transaction processing — to process orders and wallet top-ups, work with our payment processors, credit your wallet, record bundle openings, and maintain your inventory, Star Points, levels, rewards, and referral activity.
• Delivery — to deliver purchased and redeemed items manually, in-game, to your verified in-game account.
• Fraud, abuse & limits — to detect, prevent, and investigate fraud, chargebacks, multi-accounting, promo and referral abuse, and security incidents, and to enforce eligibility and usage limits.
• Customer support — to respond to your questions and resolve issues.
• Legal compliance — to comply with applicable legal, tax, accounting, and regulatory obligations and to respond to lawful requests.
• Analytics (in aggregate) — to understand, in aggregated and de-identified form, how the Service is used so we can measure performance and reliability.
• Communications — to send transactional messages such as order confirmations, delivery notices, redemption updates, and security and account emails. We may also send optional marketing or promotional messages where permitted; these are opt-out and you can unsubscribe at any time.
• Product improvement — to develop, test, and improve features and the overall experience.
• Dispute resolution — to investigate and resolve disputes, enforce our agreements, and establish, exercise, or defend legal claims.
• Safety — to protect the rights, property, and safety of Buyer.gg, our users, and the public.

6. Legal bases for processing

Where the EU or UK General Data Protection Regulation (GDPR) applies, we process your personal information on the following legal bases:

• Performance of a contract — to provide the Service you request, including processing orders and delivering items (GDPR Art. 6(1)(b)).
• Legitimate interests — to secure, operate, analyze, and improve the Service, prevent fraud and abuse, and protect our rights, balanced against your interests and rights (GDPR Art. 6(1)(f)).
• Consent — where required, such as for optional marketing communications or certain cookies; you may withdraw consent at any time (GDPR Art. 6(1)(a)).
• Compliance with a legal obligation — to meet legal, tax, accounting, and regulatory requirements (GDPR Art. 6(1)(c)).

Where we rely on legitimate interests, you may object to that processing as described in Section 12.

7. How we share information

7.1 Service providers (subprocessors)

We share personal information only as needed to operate the Service, with the service providers below. They are permitted to use the information only to provide services to us and must protect it under their agreements with us.

7.2 Legal & safety disclosures

We may disclose information when we believe in good faith that doing so is necessary to: (a) comply with applicable law, legal process, or lawful government or regulatory requests; (b) enforce our Terms of Service and other agreements; (c) detect, prevent, or address fraud, abuse, security, or technical issues; or (d) protect the rights, property, or safety of Buyer.gg, our users, or the public.

7.3 Business transfers

If Buyer.gg is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, your information may be transferred as part of that transaction. We will require the recipient to honor this Policy or provide notice and choice where required by law.

8. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Our general retention practices are:

When personal information is no longer needed for these purposes, we delete or de-identify it. Where deletion is not immediately feasible (for example, information stored in backups), we securely isolate the information and protect it from further processing until deletion is possible.

9. Security

We use reasonable technical and organizational measures designed to protect personal information, including:

• Encryption of data in transit using TLS (HTTPS);
• Storage of passwords in hashed form (never plain text);
• Access controls and the principle of least privilege for staff;
• Rate limiting and other abuse-prevention safeguards; and
• Encryption at rest where provided by our hosting and database providers.

No method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security. You are responsible for using a strong, unique password and keeping your login credentials confidential.

9.1 Breach notification

If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities as required by applicable law, including U.S. state breach-notification laws (for example, Cal. Civ. Code §1798.82) and, where the GDPR applies, the breach-notification requirements of GDPR Art. 33 and Art. 34.

10. Cookies & local storage

We currently use only strictly necessary and functional cookies and browser local/session storage. These keep you signed in (your authentication/session token is held in browser storage), protect the Service (for example, CSRF and security protections), and remember your cart and preferences.

We do not currently use Google Analytics, the Meta/Facebook Pixel, advertising or retargeting cookies, A/B-testing trackers, or a cookie preference center. Some of our service providers may set their own cookies for the limited purposes for which they are used: Cloudflare (security), Crisp (support chat, where enabled), and Google (only during the optional sign-in flow).

If we introduce analytics, advertising, or other tracking technologies in the future, we will update this Policy and our Cookie Policy and obtain consent where required. For more detail, see our Cookie Policy.

11. California privacy rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), gives you the following rights:

• Right to know / access — to request the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of recipients.
• Right to delete — to request deletion of personal information we have collected about you, subject to legal exceptions.
• Right to correct — to request correction of inaccurate personal information.
• Right to opt out of sale or sharing — note that we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of; we nonetheless honor opt-out and Global Privacy Control (GPC) signals.
• Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right.
• Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

11.1 How to submit a request

To exercise these rights, email corporate@buyer.gg. We will verify your identity before acting on your request and will respond within 45 days (extendable by an additional 45 days where permitted, with notice). If we deny your request, you may appeal by replying to our response; we will review and respond to your appeal.

11.2 Authorized agents & GPC

You may use an authorized agent to submit a request on your behalf, subject to verification. We honor opt-out preference signals such as the Global Privacy Control (GPC) where applicable.

12. EEA & UK privacy rights (GDPR / UK GDPR)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following rights with respect to your personal information, subject to applicable law:

• Access — to obtain confirmation of, and a copy of, the personal data we hold about you;
• Rectification — to have inaccurate or incomplete data corrected;
• Erasure — to have your data deleted in certain circumstances ("right to be forgotten");
• Restriction — to restrict our processing in certain circumstances;
• Portability — to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller;
• Objection — to object to processing based on our legitimate interests, and to object to direct marketing at any time;
• Withdraw consent — to withdraw consent at any time where we rely on it, without affecting prior processing; and
• Complain — to lodge a complaint with your local data-protection supervisory authority.

To exercise these rights, contact corporate@buyer.gg. We will respond within one month of receiving your request, extendable by up to two further months for complex or numerous requests, with notice, as permitted by Art. 12(3) GDPR.

13. International data transfers

We operate from the United States, and your information is processed in the United States and by our service providers, which may process information in the United States and other countries. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in countries whose data-protection laws may differ from those in your country.

Where we transfer personal information out of the EEA, UK, or Switzerland, we use appropriate safeguards required by law, such as the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA), or rely on another lawful transfer mechanism. To request information about these safeguards, contact corporate@buyer.gg.

14. Third-party links

The Service may contain links to third-party websites, services, or resources that we do not operate or control, including Roblox, payment processors, and our service providers. This Policy does not apply to those third parties. We are not responsible for their privacy practices or content, and we encourage you to review the privacy policies of any third-party services you use.

15. Copyright & DMCA notices

We respect the intellectual-property rights of others and expect users of the Service to do the same. If you believe that material available on or through the Service infringes your copyright, you may submit a notice under the U.S. Digital Millennium Copyright Act (DMCA), 17 U.S.C. § 512.

15.1 Designated agent

Our designated agent to receive notifications of claimed copyright infringement is reachable at corporate@buyer.gg (subject line: "DMCA Notice"), or by mail at Buyer.gg LLC, 8 The Green, STE B, Dover, Kent County, DE 19901, United States, Attn: DMCA Designated Agent. Registration of our designated agent with the U.S. Copyright Office is a step the operator completes; once registered, we will update this section with the corresponding registration details.

15.2 Filing a notice of claimed infringement

To be effective under 17 U.S.C. § 512(c)(3), your written notice to our designated agent must include substantially all of the following:

• Identification of the copyrighted work you claim has been infringed (or, if multiple works are covered by a single notice, a representative list of those works);
• Identification of the material that you claim is infringing and that you want removed or disabled, with enough detail to let us locate it (for example, the URL or page on the Service);
• Your contact information, including your name, mailing address, telephone number, and email address;
• A statement that you have a good-faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law;
• A statement that the information in your notice is accurate, and under penalty of perjury, that you are the copyright owner or are authorized to act on the owner's behalf; and
• Your physical or electronic signature.

Please note that under 17 U.S.C. § 512(f), any person who knowingly materially misrepresents that material is infringing may be liable for damages.

15.3 Counter-notification

If you believe that material you posted was removed or disabled by mistake or misidentification, you may send a counter-notification to our designated agent at corporate@buyer.gg. To be effective under 17 U.S.C. § 512(g)(3), your counter-notification must include substantially all of the following:

• Identification of the material that was removed or disabled and the location at which it appeared before it was removed or disabled;
• A statement, under penalty of perjury, that you have a good-faith belief the material was removed or disabled as a result of mistake or misidentification;
• Your name, mailing address, telephone number, and email address;
• A statement that you consent to the jurisdiction of the U.S. federal district court for the judicial district in which your address is located (or, if your address is outside the United States, the U.S. federal district court for the District of Delaware), and that you will accept service of process from the person who submitted the original notice or their agent; and
• Your physical or electronic signature.

If we receive a valid counter-notification, we may restore the removed material, subject to the timeframes and procedures set out in 17 U.S.C. § 512(g), unless the original complaining party files an action seeking a court order against the user.

15.4 Repeat infringers

In appropriate circumstances and at our discretion, we will terminate the accounts of users who are determined to be repeat infringers, and we may remove or disable access to infringing material and take other action consistent with the DMCA and our Terms of Service.

16. Changes to this Policy

We may update this Policy from time to time. When we make changes, we will update the "Last updated" date and version number at the top of this page. If we make material changes, we will provide additional notice where appropriate, such as by email or a prominent notice on the Service. Your continued use of the Service after the changes take effect means you accept the updated Policy. We encourage you to review this Policy periodically.

17. Contact us

If you have questions, concerns, or requests regarding this Policy or your personal information, please contact us:

• Privacy, legal & DMCA notices: corporate@buyer.gg (for copyright/DMCA notices, see Section 15)
• Customer support: support@buyer.gg

Buyer.gg LLC, a Delaware limited liability company
8 The Green, STE B, Dover, Kent County, DE 19901, United States